InterServer Web Hosting and VPS

Twitter has confirmed that a bug in its system enabled hackers to get access to personal data of around 5.4 million users. In a blog post, the company said that back in January it received a report through its bug bounty program that if someone submitted an email address or phone number to Twitter’s systems, it would tell the person what Twitter account the submitted email addresses or phone number was associated with. Soon after, the company released an update fixing the bug. Now, months after the bug was fixed, the micro-blogging platform has confirmed that hackers took advantage of the zero-day bug before the company became aware of it and patched it. Also Read – WhatsApp Group members may soon be able to quietly leave a group chat: Here’s how

InterServer Web Hosting and VPS

“In July 2022, we learned through a press report that someone had potentially leveraged this and was offering to sell the information they had compiled. After reviewing a sample of the available data for sale, we confirmed that a bad actor had taken advantage of the issue before it was addressed,” Twitter wrote in a blog post. Also Read – How to download videos from Twitter app on your smartphone (Android/iOS)

While the company didn’t confirm how many users were affected by this hack, it did say that it was informing all affected users, particularly people with pseudonymous accounts. Also Read – Microsoft brings Outlook to budget Android smartphones with Outlook Lite app

“We will be directly notifying the account owners we can confirm were affected by this issue. We are publishing this update because we aren’t able to confirm every account that was potentially impacted, and are particularly mindful of people with pseudonymous accounts who can be targeted by state or other actors,” the company added.

About the Twitter bug

Back in January, HackerOne reported a bug in Twitter’s system that left users’ personal data, which includes their phone numbers and email address, susceptible to be accessed by anyone who entered a phone number or email address. At the time, the publication had also said that the bug enabled hackers to access data of users even if they had enabled privacy settings to hide these details publicly.

Then last month, Restore Privacy said that the hackers had exploited the bug that a they were selling this data for $30,000.

Source link